<?php
error_reporting(7);

if (!$_GET['action'] AND !$_POST['action']) {
        $_GET['action'] = "view";
} 

if ($_GET['action'] == "add") {
        $template_name = "admin_add.htm";
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_ADD_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        $roles = $DB->query("SELECT * FROM roles");
        while ($role = $DB->fetch_array($roles)) {
                $tmp[$role[id]] = $role['title'];
        } 
        $tpl->assign("roles", $tmp);
        $tpl->output();
} 

if ($_POST['action'] == "insert") {
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_ADD_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        $username = html_trim($_POST['username']);
        $password = trim($_POST['password']);

        $realname = html_trim($_POST['realname']);
        $e_name = html_trim($_POST['e_name']);
        $role_id = intval($_POST['role_id']);

        if ($username == '') {
                display_error('用户名不能为空！');
        } 
        if ($password == '') {
                display_error("密码不能为空！");
        }
        if ($e_name == '') {
                display_error("英文名不能为空！");
        } 
        $check = $DB->query_first("SELECT * FROM admins WHERE username LIKE '" . addslashes($username) . "'");
        if ($check) {
                display_error("该用户已存在！");
        }
        $check = $DB->query_first("SELECT * FROM admins WHERE e_name LIKE '" . addslashes($e_name) . "'");
        if ($check) {
                display_error("该英文名已存在！");
        } 
        $DB->query("INSERT INTO admins
        		SET username='" . addslashes($username) . "',
                        password='" . md5($password) . "',
                        role_id='" . intval($role_id) . "',
                        realname='" . addslashes($realname) . "',
                        e_name='" . addslashes($e_name) . "',
                        date_create='" . time() . "',
                        date_update='" . time() . "',
                        date_login='" . time() . "'
        		");
        redirect("./admin.php?action=view", "添加成功！");
} 

if ($_GET[action] == "edit") {
        $template_name = "admin_edit.htm";
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_EDIT_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        $adminid = intval($_GET['adminid']);
        $admin = $DB->query_first("SELECT * FROM admins WHERE adminid='$adminid'");
        if (!$admin) {
                display_error('该用户不存在或已被删除！');
        } 
        $tpl->assign($admin);
        $roles = $DB->query("SELECT * FROM roles");
        while ($role = $DB->fetch_array($roles)) {
                $tmp[$role['id']] = $role['title'];
        } 
        $tpl->assign("roles", $tmp);
        $tpl->output();
} 

if ($_POST['action'] == "update") {
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_EDIT_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        $adminid = intval($_POST['adminid']);
        $admin = $DB->query_first("SELECT * FROM admins WHERE adminid='$adminid'");
        if (!$admin) {
                display_error('该用户不存在或已被删除！');
        } 
        $username = html_trim($_POST['username']);
        $password = trim($_POST['password']);

        $e_name = html_trim($_POST['e_name']); 
        $realname = html_trim($_POST[realname]);
        $role_id = intval($_POST[role_id]);

        if ($username == '') {
                display_error('用户英文名不能为空！');
        } 
        $check = $DB->query_first("SELECT * FROM admins
					WHERE username LIKE '" . addslashes($username) . "'
					AND adminid<>$adminid");
        if ($check) {
                display_error("该用户已存在！");
        }
        
        $check = $DB->query_first("SELECT * FROM admins
                                        WHERE username LIKE '" . addslashes($username) . "'
                                        AND adminid=adminid"); 
        $old_e_name = $check['e_name'];
        if($old_e_name!=$e_name){
                if($old_e_name!=''){
                        $return = file_get_contents('http://cms.xunlei.com/Interface/changeEname/'.urlencode($old_e_name).'/'.urlencode($e_name));
                        $return = intval($return);
                        if(!$return){
                                display_error("英文名修改失败，请重新提交尝试！");       
                        }        
                }
        }

        $DB->query("UPDATE admins
        		SET username='" . addslashes($username) . "',
                        role_id='" . intval($role_id) . "',
                        realname='" . addslashes($realname) . "',
                        e_name='" . addslashes($e_name) . "',
                        date_update='" . time() . "'
                        WHERE adminid='$adminid'
        		");
        if ($password != '') {
                $DB->query("UPDATE admins
        		SET password='" . md5($password) . "'
                        WHERE adminid='$adminid'
        		");
        } 

        if ($adminid == $_SESSION['admininfo']['adminid']) {
                $check = $DB->query_first("SELECT * FROM admins
						WHERE adminid='$adminid'
							");
                $_SESSION['admininfo'] = $check;
        } 

        redirect("./admin.php?action=view", "更新成功！");
} 

if ($_GET[action] == "remove") {
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_REMOVE_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        $adminid = intval($_GET['adminid']);
        $DB->query("DELETE FROM admins WHERE adminid='$adminid'");

        redirect("javascript:window.history.go(-1)", "删除成功！");
}

if ($_GET[action] == "view") {
        $template_name = "admin_view.htm";
        require "common.php"; 
        // START 检查权限
        if (!$perm->check_permission(ROLE, ROLE_VIEW_ADMIN)) {
                display_nopermission();
        }
        // END 检查权限
        
        $role_id = intval($_GET['role_id']);
        $condition = array();
        if($role_id){
                $condition[] = " admin.role_id = '$role_id'";
                $tpl->assign('role_id', $role_id);
        }

        $username = html_trim($_GET['username']);
        if ($username != '') {
                $condition[] = " admin.username LIKE '%".addslashes($username)."%' ";
                $tpl->assign("username", $username);
        }

        $e_name = html_trim($_GET['e_name']);
        if ($e_name != '') {
                $condition[] = " admin.e_name LIKE '%".addslashes($e_name)."%' ";
                $tpl->assign("e_name", $e_name);
        }

        $realname = html_trim($_GET['realname']);
        if ($realname != '') {
                $condition[] = " admin.realname LIKE '%".addslashes($realname)."%' ";
                $tpl->assign("realname", $realname);
        }

        if($condition){
                $conditions = implode(' AND ', $condition);
                $conditions = " WHERE ". $conditions;
        }
        $total = $DB->query_first("SELECT COUNT(*) AS count FROM admins admin $conditions");

        if ($total[count]) {
                $pager = new pager($total[count]);
                $tpl->assign($pager->result);
                $results = $DB->query("SELECT adminid FROM admins admin $conditions
                				ORDER BY adminid DESC
                				LIMIT $pager->offset,$pager->perpage");
                $adminids = "0";
                while ($result = $DB->fetch_array($results)) {
                        $adminids .= "," . $result[adminid];
                }
                $DB->free_result($results);
		$sql = "SELECT admin.*,role.title AS role FROM admins admin
				LEFT JOIN roles role
					ON role.id=admin.role_id
				WHERE adminid IN ($adminids)
				ORDER BY adminid DESC
				";
                $results = $DB->query($sql);
                while ($result = $DB->fetch_array($results)) {
                        $result['date_login'] = get_admin_date($result['date_login']);
			$result['date_update'] = get_admin_date($result['date_update']);
			$result['date_create'] = get_admin_date($result['date_create']);
                        $tpl->append("results", $result);
                }
                $DB->free_result($results);
        }
        $result_role = $DB->query("SELECT * FROM roles");
        $roles = array();
        while($role = $DB->fetch_array($result_role)) {
                $roles[$role['id']] = $role['title'];
        }
        $tpl->assign('roles', $roles);
        $tpl->output();
}

?>